strange tcp behavior; all systems except 1 connect to ubuntu on google compute engine

Gary Aitken ubuntu at dreamchaser.org
Wed Dec 9 19:53:12 UTC 2020 

I'm trying to debug a situation where tcp conversation started from a single
machine in my home/work network are ignored by a google compute engine
running ubuntu. I get the same behavior from two different systems, one
a long established system running ubuntu 16.04 and another newly minted one
running ubuntu 18.04.  I used to be able to connect to the 16.04 system ok.

Topology:

A fbsd -------\
                C fbsd firewalll/gateway -- Google cloud -- D ubuntu
B ms-win-10 --/

If I request an SSH or HTTP/HTTPS session on D from machine A I get no
response.  A tcpdump on D shows the initial syn packet arriving, but
there is no reply.

An HTTP/HTTPS request from B or C to D succeeds.

Using the web-based console interface for the account on GCE for machine D,
a request to display an SSH session shows up (that's how I can get the
tcpdump).

I see the above behavior for two different machines D, one a long-established
ubuntu 16.04 where this used to work, and one a newly spawned ubuntu 18.04.

There are no special firewall rules on machine D (either one); the general
rules set up when the VM was created allowing HTTP, HTTPS, and SSH access
are there with no further holes/blocks.

If I turn on DEBUG logging for sshd on machine D, there is no information
written to the log when the request comes in; it's as if it came in and was
immediately dropped.

Machines A and B have private IP addrs, but a non-private IP addr is
specifically mapped to A by ipfw rules in C.  B is mapped to a specific
IP addr used for all other internal machines, and C has its own IP addr.

Since I see the request to open a connection at D, I *think* it should have
nothing to do with my internal firewall rules; but I can't think of what
could be preventing machine D from responding.

What could be preventing machine D from answering a request by machine
A, when a similar request from B or C works?

What do ubuntu systems, particularly those for GCE, use for packet filtering?
Why would I see the packet come in, but there is no trace of it in
/var/log/auth.log (for ssh requests) or /var/log/apache2/access.log or
error.log (for http/s) requests)?

Thanks for any clues,

Gary

More information about the ubuntu-users mailing list